{"vuid":"VU#608020","idnumber":"608020","name":"Microsoft Windows Media Player PNG processing buffer overflow","keywords":["Microsoft","Windows","Media Player","buffer overflow","PNG images","ms06-june","MS06-024"],"overview":"Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Windows Media Player Windows Media Player is a multimedia application that comes with Microsoft Windows. The Problem Windows Media Player fails to properly validate PNG image files (.png), potentially allowing a stack-based buffer overflow to occur. For more information refer to Microsoft Security Bulletin MS06-024","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.","resolution":"Apply a patch from Microsoft\nMicrosoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-024.","workarounds":"For a list of workarounds refer to Microsoft Security Bulletin MS06-024.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin MS06-024. Microsoft credits Greg MacManus of \niDEFENSE\n with providing information related to this vulnerability.","author":"This document was written by Jeff Gennari","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","2","4",".","m","s","p","x"],"cveids":["CVE-2006-0025"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-13T18:23:24Z","publicdate":"2006-06-13T00:00:00Z","datefirstpublished":"2006-06-13T21:20:06Z","dateupdated":"2006-06-13T21:22:10Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"14","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"13","cam_attackeraccessrequired":"16","cam_scorecurrent":"40.716","cam_scorecurrentwidelyknown":"47.736","cam_scorecurrentwidelyknownexploited":"75.816","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":40.716,"vulnote":null}